Restricted Shell for SSH Server

From wiki.linuxonlinehelp.de

If you use SSH logins, you can lock down the console to a restricted shell with fewer enabled commands!

Remark: rbash is not 100% secure; the server's consoles should never be reachable from the Internet!!

This does not work with tmux or screen installed, because users can break out of rbash!

  • Login as root User on the Server
  • install rbash with:
apt-get install rbash
  • rename bash by:
mv /bin/bash /bin/oldbash
  • Disable other Shells for User
chmod o= /bin/oldbash
chmod 700 /bin/sh
chmod 700 /bin/dash
  • create a symlink for rbash to bash
ln -s /bin/bash /bin/rbash
  • enable rbash by system setting /etc/shells
echo '/bin/rbash' >> /etc/shells
  • set user shell to /bin/rbash
chsh   # set user shell to /bin/rbash
  • Disable "chsh" Change Shell Command for Users
chmod o= /bin/chsh
  • Log in as the user and test Linux commands.
  • Purge tmux and screen Multiplexer if installed!
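
An audit script for the result of the steps above, added here as an example and not part of the original wiki page. It checks that /bin/rbash resolves to a real executable (a link whose target has been renamed away is dangling), that /bin/rbash is in /etc/shells, that the account's login shell is /bin/rbash, and that tmux and screen are absent. The function names and the optional ROOT prefix are assumptions made for this example, and only local /etc/passwd accounts are read.

```shell
#!/bin/sh
# Added example: audit of the rbash setup. Function names are hypothetical.
# Assumes local accounts in /etc/passwd (no LDAP/NSS lookup).

# Succeeds only if LINK resolves to an existing executable; a symlink whose
# target was renamed away (dangling) fails the -x test.
rbash_link_ok() {
    [ -L "$1" ] || [ -f "$1" ] || return 1
    [ -x "$1" ]
}

# Succeeds if SHELL appears as a whole line in SHELLS_FILE.
shell_listed() {
    grep -qxF "$1" "$2"
}

# Prints the login shell (7th passwd field) of USER; fails if USER is unknown.
user_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# Prints every tmux/screen binary found in the given directories.
multiplexers_present() {
    for d in "$@"; do
        for m in tmux screen; do
            if [ -x "$d/$m" ]; then echo "$d/$m"; fi
        done
    done
}

# audit_rbash USER [ROOT]: ROOT is an optional prefix for auditing a mounted
# image or a test tree; empty means the live system.
audit_rbash() {
    user=$1; root=${2:-}; rc=0
    rbash_link_ok "$root/bin/rbash" ||
        { echo "FAIL: /bin/rbash is missing, dangling or not executable"; rc=1; }
    shell_listed /bin/rbash "$root/etc/shells" ||
        { echo "FAIL: /bin/rbash is not listed in /etc/shells"; rc=1; }
    [ "$(user_shell "$user" "$root/etc/passwd")" = /bin/rbash ] ||
        { echo "FAIL: login shell of $user is not /bin/rbash"; rc=1; }
    found=$(multiplexers_present "$root/usr/bin" "$root/bin")
    [ -z "$found" ] || { echo "FAIL: multiplexer installed: $found"; rc=1; }
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_rbash "$@"; fi
```

Run it as root with the account name as the first argument; it exits non-zero and prints one FAIL line per problem found.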